# Presentation by….

Donald David Prabhu Baptist Rajesh Baranwal

CRYTOGRAPHY

Cryptography (kryptós and gráphein) is the study of the principles and techniques by which information could be concealed in ciphers. It was initially only concerned with providing secrecy for written messages, especially in times of war. It is used in securing data flowing between computers or data stored in them. Because of this broadened interpretation of cryptography, the field of cryptanalysis has also been enlarged.

Key Based Algorithm

Encryption A key-based algorithm uses an encryption key to encrypt the message. This means that the encrypted message is generated using not only the message, but also using a key. These kind of algorithms, based on the substitution of letters, are easily broken.

o

o

o

Diagrammatic Representation

Decryption The receiver can then use a decryption key to decrypt the message. Again, this means that the decryption algorithm doesn't rely only on the encrypted message. It also needs a 'key‘ Some algorithms use the same key to encrypt and decrypt, and some do not

Diagrammatic Representation

Symmetric and Asymmetric key-based algorithms

Symmetric algorithm These type of algorithm uses the same key for encryption and decryption. Although this type of algorithms are generally very fast and simple to implement. Secure systems nowadays tend to use asymmetric algorithms, where a different key is used to encrypt and decrypt the message.

Diagrammatic Representation

Asymmetric algorithm The sender encrypts the message using the receiver's public key. The encrypted message is sent to the receiving end, who will decrypt the message with his private key. What is encrypted with one key is decrypted with the other key using the same algorithm. The encryption algorithm is the same at both ends, only the receiver can decrypt the message because no one else has the private key.

Diagrammatic Representation

Single-Key Cryptography
o

Not suitable for most business and private organizations. They are physically separated such a system would require 499,500 different keys in all, with each user having to protect 999 keys. Protection of all of the keys in the network is shifted to the central authority.

Only a single key is needed for secure communication between two parties. Every potential pair of participants in a larger group needs a unique key.

Two-Key Cryptography
 

Public-key cryptography Public-key systems have a clear advantage over symmetric algorithms: there is no need to agree on a common key for both the sender and the receiver. If someone wants to receive an encrypted message, the sender only needs to know the receiver's public key . As long as the receiver keeps the private key secret, no one but the receiver will be able to decrypt the messages encrypted with the corresponding public key. This is due to the fact that, in public-key systems, it is relatively easy to compute the public key from the private key, but very hard to compute the private key from the public key.

Public-key cryptography Picks a pair and publishes the public key. Public key-encryption key,Private key-decryption key. Key generation is automated with a user selected password fed into the algorithm. To send a secret message to a user,a correspondent encrypts the message with the receiver’s public key. Only the receiver can decrypt the message.

How it works?

Digital Signature

A digital signature or digital signature scheme is a type of asymmetric cryptography. Digital signatures can also provide non-repudiation. Digital signatures are often used to implement electronic signatures. Digitally signed messages may be anything representable as a bitstring.

A digital signature scheme typically consists of three algorithms: A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key. A signing algorithm which, given a message and a private key, produces a signature. A signature verifying algorithm which given a message, public key and a signature, either accepts or rejects.

Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify on that message and the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.

Benefits of Digital Signatures

Authentication Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by the user.

Integrity However, if a message is digitally signed, any change in the message will invalidate the signature. It may be possible to change an encrypted message without understanding it.

Drawbacks of Digital Signatures

Non-repudiation The word repudiation refers to any act of disclaiming responsibility for a message. A user cannot repudiate a signed message without repudiating their signature key. A non-repudiation service requires the existence of a public key infrastructure (PKI) which is complex to establish and operate.

Association of digital signatures and trusted time stamping Digital signature algorithms and protocols do not inherently provide certainty about the date and time at which the underlying document was signed. The signer might have included a time stamp with the signature, or the document itself might have a date mentioned on it

o

o

 

WYSIWYS (What You See Is What You Sign) It means that the semantic interpretation of a signed message can not be changed. In particular this also means that a message can not contain hidden info that the signer is unaware of, and that can be revealed after the signature has been applied. WYSIWYS is a desirable property of digital signatures that is difficult to guarantee because of the increasing complexity of modern computer systems.

Additional security precautions A more secure alternative is to store the private key on a smart card. The user can only sign documents on that particular computer. The security of the private key depends entirely on the security of the computer.

Creating a Digital Signature

Using the sender's public key, decrypts the digital signature to obtain the message digest generated by the sender. Uses the same message digest algorithm used by the sender to generate a message digest of the received message. Compares both message digests (the one sent by the sender as a digital signature, and the one generated by the receiver).

Hashing

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value. It is also used in many encryption algorithms. As a simple example of the using of hashing in databases, a group of people could be arranged in a database.

 

 Diagrammatic Representation

Message Digest

A message digest is a 'summary' of the message we are going to transmit. It is always smaller than the message itself. Even the slightest change in the message produces a different digest. The message digest is generated using a set of hashing algorithms. The message digest is encrypted using the sender's private key. The resulting encrypted message digest is the digital signature.

RSA Algorithm

In cryptography, RSA is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date.

FIREWALL

A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. A system designed to prevent unauthorized access to or from a private network

Types of Firewall Techniques

Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Hardware Firewall

Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available. A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination

Software Firewall

The most popular firewall choice is a software firewall. A software firewall will protect your computer from outside attempts to control or gain access your computer. The downside to software firewalls is that they will only protect the computer they are installed on, not a network, so each computer will need to have a software firewall installed on it. A good software firewall will run in the background on your system and use only a small amount of system resources

Single Firewall

Single Network Firewall is a comprehensive proxy-firewall suite that ensures the security of vital information entering and leaving a network. "Snort" and "Prelude" Intrusion Detection Systems alert you to network attacks and take action against hostile intruders. Bastille is a powerful "hardening" system that provides extra protection against IP Spoofing attacks. Filtering rules can be created at the user level or by department to control information entering and leaving a network or network subgroup

 Diagrammatic Representation

Distributed Firewall

A distributed firewall is a mechanismthat enforces a centralized rule policy but pushes the enforcement of it toward the edges It is up tothe host machine to fetch the security policy froma repository when an alarm is triggered.

Diagrammatic Representation

THANK YOU